Checkmarx · cx-pedro-lopes · Dec 23, 2021 · Dec 23, 2021 · Dec 23, 2021 · Dec 23, 2021
diff --git a/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/utils/PluginConstants.java b/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/utils/PluginConstants.java
@@ -23,6 +23,7 @@ public class PluginConstants {
 	public static final String ERROR_FINDING_FILE = "An error occurred while finding file in workspace: %s";
 	public static final String ERROR_GETTING_GIT_BRANCH = "An error occurred while getting git branch: %s";
 	public static final String ERROR_BUILDING_CX_WRAPPER = "An error occurred while instantiating a CxWrapper: %s";
+	public static final String ERROR_FINDING_OR_DELETING_MARKER = "An error occurred while finding or deleting a marker from Problems View: %s";
 
 	/******************************** LOG VIEW: INFO ********************************/
 	public static final String INFO_AUTHENTICATION_STATUS = "Authentication Status: %s";
@@ -49,5 +50,8 @@ public class PluginConstants {
 
 	/******************************** TOPICS ********************************/
 	public static final String TOPIC_APPLY_SETTINGS = "ApplySettings";
+
+	/******************************** PROBLEMS VIEW ********************************/
+	public static final String PROBLEM_SOURCE_ID = "CheckmarxEclipsePlugin";
 
 }
diff --git a/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/utils/PluginUtils.java b/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/utils/PluginUtils.java
@@ -3,16 +3,29 @@
 import java.time.Instant;
 import java.time.ZoneId;
 import java.time.format.DateTimeFormatter;
+import java.util.ArrayList;
 import java.util.List;
 
 import org.apache.commons.lang3.StringUtils;
+import org.eclipse.core.resources.IFile;
+import org.eclipse.core.resources.IMarker;
+import org.eclipse.core.resources.IResource;
+import org.eclipse.core.resources.IResourceProxy;
+import org.eclipse.core.resources.IResourceProxyVisitor;
+import org.eclipse.core.resources.IWorkspace;
+import org.eclipse.core.resources.ResourcesPlugin;
+import org.eclipse.core.runtime.CoreException;
+import org.eclipse.core.runtime.Path;
 import org.eclipse.e4.core.services.events.IEventBroker;
 import org.eclipse.jface.action.Action;
 import org.eclipse.jface.viewers.ComboViewer;
 import org.eclipse.jface.viewers.TreeViewer;
 import org.eclipse.ui.PlatformUI;
 
+import com.checkmarx.ast.results.result.Node;
+import com.checkmarx.ast.results.result.Result;
 import com.checkmarx.eclipse.enums.ActionName;
+import com.checkmarx.eclipse.enums.Severity;
 import com.checkmarx.eclipse.properties.Preferences;
 import com.checkmarx.eclipse.views.DataProvider;
 import com.checkmarx.eclipse.views.DisplayModel;
@@ -22,6 +35,7 @@ public class PluginUtils {
 
 	private static final String PARAM_TIMESTAMP_PATTERN = "yyyy-MM-dd | HH:mm:ss";
 	private static final String PARAM_SCAN_ID_VALID_FORMAT = "[a-f0-9]{8}-[a-f0-9]{4}-[1-5][a-f0-9]{3}-[89ab][a-f0-9]{3}-[0-9a-f]{12}";
+	private static final String PARAM_LINE = "line %d";
 
 	/**
 	 * Converts a String timestamp to a specific format
@@ -114,11 +128,132 @@ public static void showMessage(DisplayModel rootModel, TreeViewer viewer, String
 		viewer.refresh();
 	}
 
+	/**
+	 * Get Event Broker
+	 * 
+	 * @return
+	 */
 	public static IEventBroker getEventBroker() {
 		return (IEventBroker) PlatformUI.getWorkbench().getService(IEventBroker.class);
 	}
 
+	/**
+	 * Check if checkmarx credentials are defined in the Preferences
+	 * 
+	 * @return
+	 */
 	public static boolean areCredentialsDefined() {
 		return StringUtils.isNotBlank(Preferences.getServerUrl()) && StringUtils.isNotBlank(Preferences.getTenant()) && StringUtils.isNotBlank(Preferences.getApiKey());
 	}
+
+	/**
+	 * Add Checkmarx vulnerabilities to Problems View
+	 * 
+	 * @param resultsList
+	 */
+	public static void addVulnerabilitiesToProblemsView(List<Result> resultsList) {
+		for (Result result : resultsList) {
+			List<Node> nodeList = result.getData().getNodes();
+
+			if (nodeList == null) {
+				continue;
+			}
+
+			for (Node node : nodeList) {
+				String fileName = node.getFileName();
+				Path filePath = new Path(fileName);
+				List<IFile> filesFound = findFileInWorkspace(filePath.lastSegment());
+
+				for (IFile file : filesFound) {
+					try {
+						IMarker fileMarker = file.createMarker(IMarker.PROBLEM);
+						fileMarker.setAttribute(IMarker.MESSAGE, node.getName());
+						fileMarker.setAttribute(IMarker.LOCATION, String.format(PARAM_LINE, node.getLine()));
+						fileMarker.setAttribute(IMarker.LINE_NUMBER, node.getLine());
+						fileMarker.setAttribute(IMarker.SOURCE_ID, PluginConstants.PROBLEM_SOURCE_ID);
+						fileMarker.setAttribute(IMarker.SEVERITY, getIMarkerSeverity(result.getSeverity()));
+					} catch (CoreException e) {
+						CxLogger.error(String.format(PluginConstants.ERROR_OPENING_FILE, e.getMessage()), e);
+					}
+				}
+			}
+		}
+	}
+
+	/**
+	 * Get IMarker severity based on each checkmarx result severity
+	 * 
+	 * @param resultSeverity
+	 * @return
+	 */
+	private static Integer getIMarkerSeverity(String resultSeverity) {
+		Severity severity = Severity.getSeverity(resultSeverity);
+
+		switch (severity) {
+		case CRITICAL:
+			return IMarker.SEVERITY_ERROR;
+		case HIGH:
+			return IMarker.SEVERITY_ERROR;
+		case MEDIUM:
+			return IMarker.SEVERITY_WARNING;
+		case LOW:
+			return IMarker.SEVERITY_INFO;
+		case INFO:
+			return IMarker.SEVERITY_INFO;
+		default:
+			break;
+		}
+
+		return IMarker.SEVERITY_INFO;
+	}
+
+	/**
+	 * Find files in workspace
+	 * 
+	 * @param fileName
+	 * @return
+	 */
+	private static List<IFile> findFileInWorkspace(final String fileName) {
+		final List<IFile> foundFiles = new ArrayList<IFile>();
+		try {
+			// visiting only resources proxy because we obtain the resource only when matching name, thus the workspace traversal is much faster
+			ResourcesPlugin.getWorkspace().getRoot().accept(new IResourceProxyVisitor() {
+				@Override
+				public boolean visit(IResourceProxy resourceProxy) throws CoreException {
+					if (resourceProxy.getType() == IResource.FILE) {
+						String resourceName = resourceProxy.getName();
+						if (resourceName.equals(fileName)) {
+							IFile foundFile = (IFile) resourceProxy.requestResource();
+							foundFiles.add(foundFile);
+						}
+					}
+					return true;
+				}
+			}, IResource.NONE);
+		} catch (Exception e) {
+			CxLogger.error(String.format(PluginConstants.ERROR_FINDING_FILE, e.getMessage()), e);
+		}
+		return foundFiles;
+	}
+
+	/**
+	 * Clear checkmarx vulnerabilities from Problems View
+	 */
+	public static void clearVulnerabilitiesFromProblemsView() {
+		IWorkspace workspace = ResourcesPlugin.getWorkspace();
+		IResource resource = workspace.getRoot();
+		IMarker[] markers;
+
+		try {
+			markers = resource.findMarkers(IMarker.MARKER, true, IResource.DEPTH_INFINITE);
+
+			for (IMarker m : markers) {
+				if(m.getAttribute(IMarker.SOURCE_ID) != null && m.getAttribute(IMarker.SOURCE_ID).equals(PluginConstants.PROBLEM_SOURCE_ID)) {
+					m.delete();
+				}
+			}			
+		} catch (CoreException e) {
+			CxLogger.error(String.format(PluginConstants.ERROR_FINDING_OR_DELETING_MARKER, e.getMessage()), e);
+		}
+	}
 }
diff --git a/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/views/CheckmarxView.java b/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/views/CheckmarxView.java
@@ -181,6 +181,9 @@ public void dispose() {
 	@Override
 	public void createPartControl(Composite parent) {
 		this.parent = parent;
+
+		// Clear vulnerabilities from Problems View
+		PluginUtils.clearVulnerabilitiesFromProblemsView();
 
 		if(PluginUtils.areCredentialsDefined()) {
 			drawPluginPanel();
@@ -674,6 +677,8 @@ private void onProjectChangePluginLoading(String projectId) {
 		// Hide center and right panels
 		resultViewComposite.setVisible(false);
 		attackVectorCompositePanel.setVisible(false);
+		// Clear vulnerabilities from Problems View
+		PluginUtils.clearVulnerabilitiesFromProblemsView();
 	}
 
 	/**
@@ -770,6 +775,8 @@ private void onBranchChangePluginLoading(String branch) {
 		// Hide center and right panels
 		resultViewComposite.setVisible(false);
 		attackVectorCompositePanel.setVisible(false);
+		// Clear vulnerabilities from Problems View
+		PluginUtils.clearVulnerabilitiesFromProblemsView();
 	}
 
 	private void createScanIdComboBox(Composite parent){
@@ -850,6 +857,8 @@ private void onScanChangePluginLoading(String scan) {
 		// Hide center and right panels
 		resultViewComposite.setVisible(false);
 		attackVectorCompositePanel.setVisible(false);
+		// Clear vulnerabilities from Problems View
+		PluginUtils.clearVulnerabilitiesFromProblemsView();
 	}
 
 	/**
@@ -1309,6 +1318,9 @@ public void run() {
 				toolBarActions.getScanResultsAction().setEnabled(true);
 			}
 		});
+
+		// Clear vulnerabilities from Problems View
+		PluginUtils.clearVulnerabilitiesFromProblemsView();
 	}
 
 	/**

diff --git a/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/views/DataProvider.java b/checkmarx-ast-eclipse-plugin/src/com/checkmarx/eclipse/views/DataProvider.java
@@ -109,7 +109,6 @@ public List<String> getBranchesForProject(String projectId) {
 		this.projectId = projectId;
 		List<String> branchList = new ArrayList<String>();
 
-
 			try {
 				CxWrapper cxWrapper = getWrapper();
 
@@ -229,6 +228,9 @@ private List<DisplayModel> processResults(Results scanResults, String scanId) {
 		}
 
 		List<Result> resultsList = scanResults.getResults();
+
+		// Add Checkmarx vulnerabilities to Problems View
+		PluginUtils.addVulnerabilitiesToProblemsView(resultsList);
 
 		// transform all the results at once to avoid multiple transformation steps
 		List<DisplayModel> allResultsTransformed = resultsList.stream().map(resultItem -> transform(resultItem)).collect(Collectors.toList());